Dataflow: Postpone typeflow calledge pruning until stage 3.

aschackmull · aschackmull · commit 47f68504a82a · 2023-09-13T15:43:46.000+02:00
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
@@ -1185,6 +1185,8 @@ module MakeImpl<InputSig Lang> {
 
         bindingset[typ, contentType]
         predicate typecheckStore(Typ typ, DataFlowType contentType);
+
+        default predicate enableTypeFlow() { any() }
       }
 
       module Stage<StageParam Param> implements StageSig {
@@ -1541,6 +1543,8 @@ module MakeImpl<InputSig Lang> {
         }
 
         private module FwdTypeFlowInput implements TypeFlowInput {
+          predicate enableTypeFlow = Param::enableTypeFlow/0;
+
           predicate relevantCallEdgeIn(DataFlowCall call, DataFlowCallable c) {
             flowIntoCallApa(call, c, _, _, _, _)
           }
@@ -1845,6 +1849,8 @@ module MakeImpl<InputSig Lang> {
         }
 
         private module RevTypeFlowInput implements TypeFlowInput {
+          predicate enableTypeFlow = Param::enableTypeFlow/0;
+
           predicate relevantCallEdgeIn(DataFlowCall call, DataFlowCallable c) {
             flowOutOfCallAp(call, c, _, _, _, _)
           }
@@ -2306,6 +2312,8 @@ module MakeImpl<InputSig Lang> {
 
       bindingset[typ, contentType]
       predicate typecheckStore(Typ typ, DataFlowType contentType) { any() }
+
+      predicate enableTypeFlow() { none() }
     }
 
     private module Stage2 implements StageSig {
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll
@@ -971,6 +971,8 @@ module MakeImplCommon<InputSig Lang> {
   }
 
   signature module TypeFlowInput {
+    predicate enableTypeFlow();
+
     /** Holds if the edge is possibly needed in the direction `call` to `c`. */
     predicate relevantCallEdgeIn(DataFlowCall call, DataFlowCallable c);
 
@@ -1036,24 +1038,27 @@ module MakeImplCommon<InputSig Lang> {
      */
     pragma[nomagic]
     private predicate trackedArgTypeCand(ArgNode arg) {
-      exists(ParamNode p, DataFlowType at, DataFlowType pt |
-        at = getNodeType(arg) and
-        pt = getNodeType(p) and
-        relevantCallEdge(_, _, arg, p) and
-        typeStrongerThan0(pt, at)
-      )
-      or
-      exists(ParamNode p, DataFlowType at, DataFlowType pt |
-        at = getNodeType(arg) and
-        pt = getNodeType(p) and
-        paramMustFlow(p, arg) and
-        relevantCallEdge(_, _, arg, _) and
-        typeStrongerThan0(at, pt)
-      )
-      or
-      exists(ParamNode p |
-        trackedParamTypeCand(p) and
-        relevantCallEdge(_, _, arg, p)
+      Input::enableTypeFlow() and
+      (
+        exists(ParamNode p, DataFlowType at, DataFlowType pt |
+          at = getNodeType(arg) and
+          pt = getNodeType(p) and
+          relevantCallEdge(_, _, arg, p) and
+          typeStrongerThan0(pt, at)
+        )
+        or
+        exists(ParamNode p, DataFlowType at, DataFlowType pt |
+          at = getNodeType(arg) and
+          pt = getNodeType(p) and
+          paramMustFlow(p, arg) and
+          relevantCallEdge(_, _, arg, _) and
+          typeStrongerThan0(at, pt)
+        )
+        or
+        exists(ParamNode p |
+          trackedParamTypeCand(p) and
+          relevantCallEdge(_, _, arg, p)
+        )
       )
     }
 
@@ -1276,10 +1281,14 @@ module MakeImplCommon<InputSig Lang> {
     predicate typeFlowValidEdgeIn(DataFlowCall call, DataFlowCallable c, boolean cc) {
       Input::relevantCallEdgeIn(call, c) and
       cc = [true, false] and
-      forall(ArgNode arg, ParamNode p |
-        callEdge(call, c, arg, p) and trackedArgType(arg) and paramMustFlow(_, arg)
-      |
-        validArgParamIn(arg, p, cc)
+      (
+        not Input::enableTypeFlow()
+        or
+        forall(ArgNode arg, ParamNode p |
+          callEdge(call, c, arg, p) and trackedArgType(arg) and paramMustFlow(_, arg)
+        |
+          validArgParamIn(arg, p, cc)
+        )
       )
     }
 
@@ -1313,8 +1322,12 @@ module MakeImplCommon<InputSig Lang> {
      */
     predicate typeFlowValidEdgeOut(DataFlowCall call, DataFlowCallable c) {
       Input::relevantCallEdgeOut(call, c) and
-      forall(ArgNode arg, ParamNode p | callEdge(call, c, arg, p) and trackedParamType(p) |
-        validArgParamOut(arg, p)
+      (
+        not Input::enableTypeFlow()
+        or
+        forall(ArgNode arg, ParamNode p | callEdge(call, c, arg, p) and trackedParamType(p) |
+          validArgParamOut(arg, p)
+        )
       )
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -1185,6 +1185,8 @@ module MakeImpl<InputSig Lang> {`
`1185`	`1185`
`1186`	`1186`	`bindingset[typ, contentType]`
`1187`	`1187`	`predicate typecheckStore(Typ typ, DataFlowType contentType);`
	`1188`	`+`
	`1189`	`+ default predicate enableTypeFlow() { any() }`
`1188`	`1190`	`}`
`1189`	`1191`
`1190`	`1192`	`module Stage<StageParam Param> implements StageSig {`
`@@ -1541,6 +1543,8 @@ module MakeImpl<InputSig Lang> {`
`1541`	`1543`	`}`
`1542`	`1544`
`1543`	`1545`	`private module FwdTypeFlowInput implements TypeFlowInput {`
	`1546`	`+ predicate enableTypeFlow = Param::enableTypeFlow/0;`
	`1547`	`+`
`1544`	`1548`	`predicate relevantCallEdgeIn(DataFlowCall call, DataFlowCallable c) {`
`1545`	`1549`	`flowIntoCallApa(call, c, _, _, _, _)`
`1546`	`1550`	`}`
`@@ -1845,6 +1849,8 @@ module MakeImpl<InputSig Lang> {`
`1845`	`1849`	`}`
`1846`	`1850`
`1847`	`1851`	`private module RevTypeFlowInput implements TypeFlowInput {`
	`1852`	`+ predicate enableTypeFlow = Param::enableTypeFlow/0;`
	`1853`	`+`
`1848`	`1854`	`predicate relevantCallEdgeIn(DataFlowCall call, DataFlowCallable c) {`
`1849`	`1855`	`flowOutOfCallAp(call, c, _, _, _, _)`
`1850`	`1856`	`}`
`@@ -2306,6 +2312,8 @@ module MakeImpl<InputSig Lang> {`
`2306`	`2312`
`2307`	`2313`	`bindingset[typ, contentType]`
`2308`	`2314`	`predicate typecheckStore(Typ typ, DataFlowType contentType) { any() }`
	`2315`	`+`
	`2316`	`+ predicate enableTypeFlow() { none() }`
`2309`	`2317`	`}`
`2310`	`2318`
`2311`	`2319`	`private module Stage2 implements StageSig {`